The Agent Skills Directory

[DATA_EXPOSURE_AND_EXFILTRATION]: The skill is designed to manage high-value credentials. It interacts with the system clipboard using pbpaste to ingest secrets and reads from ~/.profile to identify service account tokens (MOLTY_OP_SERVICE_ACCOUNT_TOKEN). These operations are documented as core functionality for storing and retrieving 1Password items, and the skill provides clear instructions to never print these values to logs or chat.
[DYNAMIC_EXECUTION]: To securely perform operations like item creation, the skill generates temporary shell scripts in /tmp. These scripts are created with restricted file permissions (chmod 700) to prevent local exposure and are deleted immediately after execution within a tmux session.
[UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill's metadata references the installation of the 1password-cli utility via Homebrew (brew), which is the official and trusted distribution method for this tool.
[INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect injection as it ingests data from external sources like the system clipboard. However, it includes mitigation strategies such as basic validation of expected secret prefixes and strict boundary enforcement using a dedicated tmux session for all operations.

one-password